Navigate:

Opinion Contributor

The privacy risks of CISPA

The author says several changes need to be implemented on CISPA. | Reuters

By MICHELLE RICHARDSON | 4/8/13 9:39 PM EDT

Reports of significant data breaches make headlines ever more frequently, but lost in the cloak and dagger stories of cyberespionage is the impact proposed cybersecurity programs can have on privacy. The same Internet that terrorists, spies and criminals exploit for nefarious purposes is the same Internet we all use daily for intensely private but totally innocuous purposes.

Unfortunately, in their pursuit to protect America’s critical infrastructure and trade secrets, some lawmakers are pushing a dangerous bill that would threaten Americans’ privacy while immunizing companies from any liability should that cyberinformation-sharing cause harm.

Text Size

-

+

reset

This week, the House Intelligence Committee will mark up the Cyber Intelligence Sharing and Protection Act, a bill that creates an exception to all privacy laws on the books so that companies holding our private and sensitive information can share it with each other and the government for cybersecurity purposes. This could include the content of chats and emails and people’s online browsing histories. There is no requirement that companies even attempt to remove personally identifiable information before sharing cyberthreat data nor any requirement that the government minimize and protect that data when it is collected. CISPA grants companies liability protection not only for sharing the information but also for using it however they see fit, including aggressive countermeasures, like hacking into an adversary’s computer. It’s an unmitigated and unaccountable mess for Internet users’ private data.

Perhaps most alarming is that the information — even when it reflects the sensitive and revealing Internet activities of Americans in the United States — can be given directly to the National Security Agency and other military agencies. Even the director of the NSA himself has clearly said that this sort of information sharing is a domestic program and thus, needs to be run by civilians. It’s not clear why the Intelligence Committee insists on empowering the military when even the military and intelligence community oppose it. Some surmise it is a jurisdictional battle among House committees, and if true, there couldn’t be a less compelling argument for turning the military loose on our civilian Internet.